Are you really guarding your data?

It’s time to stop gambling and start treating cybersecurity as a top priority before the breach hits.

Cybersecurity threats are omnipresent, yet many businesses remain dangerously complacent. Despite rising incidents of ransomware and phishing, many organisations still rely on outdated systems and weak defences, leaving them vulnerable.

As threats grow more sophisticated – fuelled by automation, AI, and tools like deepfake technology – cybercriminals are becoming increasingly aggressive and destructive. A 2023 report by Osterman Research highlights that CIOs and CISOs are heavily investing in cybersecurity, as the attack surface expands with cloud computing, AI, and IoT.

“In addition to being a defensive measure, cybersecurity is essential for maintaining business continuity and customer trust,” says Marius Cronje, CIO at AfriGIS . “And as cyberattacks evolve at an astonishing rate, organisations need equally dynamic and robust security strategies to protect themselves from increasingly sophisticated threats.”

The foundation of a strong cybersecurity framework rests on five core pillars:

1. Authentication: Verifying the identity of users or devices to prevent unauthorised access.
2. Authorisation: Ensuring that only authorised individuals have access to sensitive information.
3. Integrity: Protecting the accuracy and reliability of information, preventing unauthorised changes.
4. Availability: Making sure that systems and information is available to authorised users when needed.
5. Non-repudiation: Providing proof of actions, such as secure logging, to prevent the denial of legitimate actions once performed.

These principles form the foundations of reliable strategy. The challenge is to stay ahead of cybercriminals.

“To effectively counteract these sophisticated attacks, businesses must maintain vigilance through proactive measures like regular system updates, thorough security audits, and ongoing employee training,” Cronje says. “As the attack surface expands, organisations that fail to keep pace with new technologies and threats risk exposure to significant financial, operational, and reputational harm.”

The evolving nature of cyber threats

Today’s cyberattacks employ highly advanced methods such as phishing, ransomware, and denial-of-service (DoS) attacks, targeting vulnerabilities across industries. Small businesses, in particular, face heightened risks due to their limited security resources.

As IT infrastructures grow more complex – incorporating cloud services and IoT devices – the attack surface widens, making layered security practices essential for businesses of all sizes.

In 2023, South Africa experienced over 220 million email threats. In addition, more than half of South African firms were impacted by ransomware during the year.

“Across Africa, cyberattacks have surged, leaving both public and private organisations increasingly vulnerable due to inadequate cybersecurity measures,” Cronje says. “Agenda ransomware, which emerged in late 2022, exemplifies this threat by targeting healthcare and educational institutions in multiple African countries, including South Africa. This advanced ransomware can bypass security systems and cause widespread damage.”

These incidents highlight the urgent need for businesses in South Africa and across the continent to adopt regular system upgrades and implement proactive defence strategies. Without these critical steps, organisations remain exposed to the growing risk of financial and operational disruption from ever-evolving cyber threats.

Why regular upgrades in custom systems are essential

A key yet often overlooked part of a cybersecurity strategy is the regular upgrading of software and hardware components, especially in custom-developed systems. Unlike off-the-shelf solutions, which benefit from automatic updates, custom systems require manual intervention to keep them secure.

1. Security vulnerabilities: Custom systems are tailored to specific business needs but often miss the frequent updates that commercial software receives. If not regularly updated, these systems become more vulnerable to attacks.
2. Third-party dependencies: Most custom systems rely on external libraries or frameworks. Failing to update these can leave a system exposed to well-known vulnerabilities.
3. Performance and resilience: Regular updates ensure that systems run optimally and can handle cyberattacks. Outdated systems are more likely to fail in the face of threats.
4. Regulatory compliance: Industries like finance and healthcare have stringent cybersecurity regulations that require regular updates. Non-compliance can lead to fines and reputational damage.
5. Futureproofing: Regular upgrades not only address current threats but also prepare systems for emerging ones, ensuring businesses stay competitive.

Web application firewalls (WAFs) and attack mitigation

A key tool in web-based cybersecurity is the Web Application Firewall (WAF), which filters incoming HTTP requests to block malicious traffic.
Though WAFs provide a critical line of defence, a multi-faceted cybersecurity approach is necessary to fully protect systems. This includes:

• Conducting secure code reviews to identify and fix vulnerabilities.
• Performing regular security testing, including penetration testing, to discover weaknesses.
• Implementing automated patch management to keep systems up-to-date.
• Training staff in security best practices to reduce human error.

The cost of delay vs. the cost of upgrading

“Upgrading legacy systems can be costly, but the risk of maintaining outdated technology is far greater,” Cronje cautions. “As systems age, the costs of maintaining them increases whilst possibly slowing the pace of innovation. The cost of delaying upgrades must be weighed against the long-term benefits, such as enhanced security and reduced future development costs.”

Cybersecurity is not a one-time fix; it’s a continuous process that requires regular updates, monitoring, and improvements. For custom-developed systems, consistent upgrades are crucial to maintaining security and compliance in a rapidly evolving digital environment. Investing in these updates not only enhances security but also improves system performance and competitiveness, preventing costly breaches in the long run.

About AfriGIS
AfriGIS is the leading Geospatial Information Science company in Southern Africa that specialises in location-sensitive data and solutions. It provides customers across the board with a suite of web-based tools and APIs to connect to, enhance, and enrich their own data with location intelligence, insights, and trusted data. The organisation was founded in 1997 and celebrates more than 25 years in business. It is a level 1-certified broad-based black economic empowerment (B-BBEE) business, with more than 100 employees, in Pretoria, Durban and Cape Town in South Africa, Dublin in Ireland, and Dhaka in Bangladesh.

Media enquiries:
Irene Masia, AfriGIS
Contact details: +27 (0) 87-310-6400, irene@afrigis.co.za